Spanish on-demand delivery company Glovo has reportedly become the victim of a cyberattack after a hacker accessed its systems.

The hacker broke into the company’s system on 29 April through an old administrator platform, Reuters has reported.

In an emailed statement, seen by Reuters, Glovo said: “We can confirm that no access was gained to client card data, as Glovo does not save or store such information.”

The company also claimed that the hacker was ejected as soon as the intrusion was detected.

The news was first broken by media company Forbes. Its report said that cybersecurity company Hold Security found the breach and that the hacker was selling login credentials of customer and courier accounts, which included the ability to change passwords.

Glovo did not respond to Forbes’ request for comment on the motives of the hacker.

Based in Barcelona, Glovo delivers everything from food to household supplies. It has a presence in 20 countries across the globe and more than 10 million users.

The cyberattack was reported less than a month after Glovo raised $541m (€450m) in funding.

Last December, Glovo achieved unicorn status by securing $167m in Series E funding led by investment company Mubadala.

The investment round was supported by the company’s previous investors Drake Enterprises, Idinvest and Lakestar.

Last November, Glovo also acquired Poland’s largest food delivery platform, Pizza Portal, for €30m plus a €5m earn-out.